Microsoft rolls back ‘dumbest cybersecurity move in a decade’
ID: 236cb610-b4bf-5d1e-82d8-74f4f74c8d2b
STIX ID: report--236cb610-b4bf-5d1e-82d8-74f4f74c8d2b
Feed Name: CyberScoop
Microsoft’s recently announced Recall feature, which archived screenshots of users’ activity to provide a searchable timeline, was found to store sensitive data insecurely (reported as plaintext). Security researchers created a tool called TotalRecall to copy and parse the database, exposing potential leakage of usernames, passwords, and other sensitive content. In response, Microsoft moved to make Recall opt-in and off by default, require Windows Hello biometric enrollment and proof-of-presence to view/search Recall, and said it would enhance encryption of the Recall database; researchers have indicated they will verify the effectiveness of these changes.
